12.2 Configuring the Connector for ServiceNow

You must go back and forth between the CloudAccess Admin page and the ServiceNow administration page to configure the connector for ServiceNow.

NOTE:You can configure multiple connectors, as long as each one connects to a unique instance of ServiceNow.

To configure the connector for ServiceNow:

  1. Log in with an appliance administrator account to the CloudAccess administration console at 

    https://appliance_dns_name/appliance/index.html

  2. Drag the connector for ServiceNow from the Applications palette to the Applications panel.

  3. Specify a unique display name for the connector to appear on the Admin page.

  4. Specify the login credentials for the administrator user of the ServiceNow instance.

  5. Specify the ServiceNow URL. You can cut and paste your instance URL in the ServiceNow management portal. For example, https://testinstance.service-now.com/

  6. (Optional) In the Assertion field, specify either username or email address. This field must match whatever you set in the trusted idp settings in ServiceNow when you configure the trust between CloudAccess and ServiceNow. (The choices in ServiceNow are email or user_name.)

    The connector validates the credentials before saving.

  7. Expand the Federation Instructions, then copy and paste the instructions into a text file to use during the ServiceNow configuration for single sign-on.

    NOTE:You must use a text editor that does not introduce hard returns or additional white space. For example, use Notepad instead of Wordpad.

  8. Click OK to save the configuration so far while you configure ServiceNow to work with CloudAccess.

  9. Log in to ServiceNow as the account administrator.

  10. Using the information from the Federation Instructions, configure the SAML 2.0 federation for CloudAccess in the ServiceNow management portal.

    You configure trust between CloudAccess and ServiceNow by enabling single sign-on, then creating CloudAccess as a trusted identity provider for the ServiceNow instance.

    NOTE:When you copy the appliance’s signing certificate, ensure that you include all leading and trailing hyphens in the certificate’s Begin and End tags.

  11. After you configure federation for CloudAccess in ServiceNow, generate and download the ServiceNow metadata file.

  12. On the CloudAccess Admin page, click the connector for ServiceNow, then click Configure.

  13. Upload the ServiceNow metadata file that you downloaded in Step 11 to the connector for ServiceNow.

  14. CloudAccess does not currently have any selection criteria for the naming policy for ServiceNow. Whatever the CN attribute is when the user is imported, that is the user name that is created in ServiceNow. For more information, see Section 2.4, How CloudAccess Provisions User Accounts.

  15. Click the Appmarks tab, then review and edit the default settings for the appmark. For more information, see Section 12.3, Configuring Appmarks for ServiceNow.

  16. Click OK to save the configuration.

  17. On the Admin page, click Apply to commit the changes to the appliance.

    Wait until the configuration changes have been applied on each node of the CloudAccess cluster.

  18. Click Policy in the toolbar, then perform policy mapping to specify entitlements for identity source roles (groups).

    For more information, see Mapping Authorizations in the CloudAccess Installation and Configuration Guide.

  19. After you complete the configuration, users can log in through CloudAccess to single sign-on to ServiceNow. The CloudAccess login page URL is:

    https://appliance_dns_name